sudo vim /etc/ssh/sshd_config

#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp  /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
#PasswordAuthentication yes

#PermitRootLogin yes
Port 26488


# 用户重新尝试输入密码的次数
#密码错误的次数6/2=3(MAN帮助中写明要除2)次后断开连接
MaxAuthTries 10
# 每个连接可以并行开启多少个会话（session）
#最大的会话连接数(连接未登录的会话最大值，默认拒绝旧的连接未登录的会话)
MaxSessions 16

#PubkeyAuthentication yes

#PubkeyAuthentication yes
#禁用root账户登录，非必要，但为了安全性，请配置
PermitRootLogin no

#检查用户家目录中ssh相关的配置文件是否正确
# 是否让 sshd 去检查用户家目录或相关档案的权限数据，
# 这是为了担心使用者将某些重要档案的权限设错，可能会导致一些问题所致。
# 例如使用者的 ~.ssh/ 权限设错时，某些特殊情况下会不许用户登入
StrictModes yes

# 是否允许用户自行使用成对的密钥系统进行登入行为，仅针对 version 2。
# 至于自制的公钥数据就放置于用户家目录下的 .ssh/authorized_keys 内
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

#有了证书登录了，就禁用密码登录吧，安全要紧
PasswordAuthentication no

PermitEmptyPasswords no     #用户使用空口令登录
GatewayPorts no                     #启用网关功能，开启后可以将建立的SSH隧道(端口转发)共享出去
ClientAliveCountMax 3           #探测3次客户端是否为空闲会话，↓3*10分钟后断开连接
ClientAliveInterval 10          #空闲会话时长，每10分钟探测一次


#关闭GSSAPI验证机制 #解决Linux之间使用SSH远程连接慢的问题
GSSAPIAuthentication=no

# 10：当连接数达到10时就开始拒绝连接，不过不是全部拒绝，我们继续往下看
# 30：当连接数到达10时，之后的连接有30的概率被拒绝掉
# 60：当连接数达到60时，之后的连接就全部拒绝了
MaxStartups 10:30:100 

#禁止将IP逆向解析为主机名，然后比对正向解析的结果，防止客户端欺骗
#指定sshd是否应该对远程主机名进行方向解析，以检查此主机名是否与其IP地址真实对应。默认值为"yes"。个人建议改成no，否则可能会导致ssh连接很慢
UseDNS no


#限制可登录用户的办法如下：
AllowUsers  zeronegg  qisiwolejump      #允许ssh登录用户
#DenyUsers             #禁止ssh登陆用户
#AllowGroups         #允许ssh登录用户组
#DenyGroups         #禁止ssh登陆用户组
#


#限制SSH过期时间
#ClientAliveInterval 60
#ClientAliveCountMax 60

#登录时不输入密码时超时时间
LoginGraceTime 2m

sudo service sshd restart


# vi /etc/hosts.allow
 
# #下面为允许通过制定ip访问服务器
# sshd:xxx.xxx.xxx.xxx:allow
# sshd:xxx.xxx.xxx.xxx:allow
# sshd:172.16.0.0/255.255.0.0:allow
# sshd:192.168.0.0/255.255.0.0:allow



miner机器 ==> t02@183.240.6.92:6789  passwd:xjxh!&)^pcdown.xjxh123###
daemon机器 ==> t01@183.240.6.92:5678 passwd:xjxh!&)^pcdown.xjxh123###
storage机器 ==> user@ip passwd:A3zmBz85EmD7

miner是6789,daemon是5678


